pool/liboqs
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 986335 from home:cgiboudeaux:branches:devel:libraries:c_c++

Browse Source 
- Add upstream changes:
  * 0001-Add-support-for-powerpc64.-1160.patch
  * 0002-Mark-stack-non-executable-when-compiling-with-clang-.patch
- Spec cleanup

OBS-URL: https://build.opensuse.org/request/show/986335
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/liboqs?expand=0&rev=5
This commit is contained in:
Marcus Meissner 2022-07-02 09:24:27 +00:00 committed by Git OBS Bridge
parent 9ccd5ca9b0
commit 1b13ac9e9a
4 changed files with 283 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

152
0001-Add-support-for-powerpc64.-1160.patch Normal file
View File

@ -0,0 +1,152 @@
From eb2f38c44ed15e058bc7ab217ba614b32f012090 Mon Sep 17 00:00:00 2001
From: pkubaj <pkubaj@FreeBSD.org>
Date: Fri, 24 Dec 2021 00:03:25 +0100
Subject: [PATCH 1/2] Add support for powerpc64. (#1160)
This is 64-bit POWER big-endian. Since s390x (64-bit big-endian) and ppc64le
(64-bit POWER) are already supported, this shouldn't be an issue.
---
.CMake/alg_support.cmake | 4 ++--
CMakeLists.txt | 7 +++++++
src/kem/sike/CMakeLists.txt | 3 +++
src/kem/sike/external/P434/P434_internal.h | 2 +-
src/kem/sike/external/P503/P503_internal.h | 2 +-
src/kem/sike/external/P610/P610_internal.h | 2 +-
src/kem/sike/external/P751/P751_internal.h | 2 +-
src/kem/sike/external/config.h | 7 +++++++
8 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/.CMake/alg_support.cmake b/.CMake/alg_support.cmake
index 0de57e8..bb9ebea 100644
--- a/.CMake/alg_support.cmake
+++ b/.CMake/alg_support.cmake
@@ -27,8 +27,8 @@ if(OQS_DIST_X86_64_BUILD OR OQS_USE_AVX2_INSTRUCTIONS)
endif()
endif()
-# BIKE is not supported on Windows, 32-bit ARM and S390X (big endian)
-cmake_dependent_option(OQS_ENABLE_KEM_BIKE "Enable BIKE algorithm family" ON "NOT WIN32; NOT ARCH_ARM32v7; NOT ARCH_X86; NOT ARCH_S390X" OFF)
+# BIKE is not supported on Windows, 32-bit ARM, S390X (big endian) and PPC64 (big endian)
+cmake_dependent_option(OQS_ENABLE_KEM_BIKE "Enable BIKE algorithm family" ON "NOT WIN32; NOT ARCH_ARM32v7; NOT ARCH_X86; NOT ARCH_S390X; NOT ARCH_PPC64" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_bike_l1 "" ON "OQS_ENABLE_KEM_BIKE" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_bike_l3 "" ON "OQS_ENABLE_KEM_BIKE" OFF)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 140cfb8..416da83 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -59,6 +59,13 @@ elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "ppc64le|powerpc64le")
if(${OQS_DIST_BUILD})
set(OQS_DIST_PPC64LE_BUILD ON)
endif()
+elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(ppc64|powerpc64)")
+ message(WARNING "There is currently no CI for: " ${CMAKE_SYSTEM_PROCESSOR})
+ set(ARCH "ppc64")
+ set(ARCH_PPC64 ON)
+ if(${OQS_DIST_BUILD})
+ set(OQS_DIST_PPC64_BUILD ON)
+ endif()
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "s390x")
set(ARCH "s390x")
set(ARCH_S390X ON)
diff --git a/src/kem/sike/CMakeLists.txt b/src/kem/sike/CMakeLists.txt
index c260ce1..0f4714b 100644
--- a/src/kem/sike/CMakeLists.txt
+++ b/src/kem/sike/CMakeLists.txt
@@ -8,6 +8,7 @@ if(
ARCH_ARM32v7 OR
ARCH_ARM64v8 OR
ARCH_PPC64LE OR
+ ARCH_PPC64 OR
ARCH_S390X)
AND
# check that one SIDH/SIKE alg is enabled
@@ -137,6 +138,8 @@ if(
target_compile_definitions(sike PRIVATE USE_SIKEP751_ASM)
endif()
endif()
+ elseif(ARCH_PPC64)
+ target_compile_definitions(sike PRIVATE _GENERIC_ _PPC64_)
elseif(ARCH_PPC64LE)
target_compile_definitions(sike PRIVATE _GENERIC_ _PPC64LE_)
elseif(ARCH_S390X)
diff --git a/src/kem/sike/external/P434/P434_internal.h b/src/kem/sike/external/P434/P434_internal.h
index 6c7f66c..168ac9f 100644
--- a/src/kem/sike/external/P434/P434_internal.h
+++ b/src/kem/sike/external/P434/P434_internal.h
@@ -9,7 +9,7 @@
#include "../config.h"
-#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64LE)
+#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64) || (TARGET == TARGET_PPC64LE)
#define NWORDS_FIELD 7 // Number of words of a 434-bit field element
#define p434_ZERO_WORDS 3 // Number of "0" digits in the least significant part of p434 + 1
#elif (TARGET == TARGET_x86) || (TARGET == TARGET_ARM)
diff --git a/src/kem/sike/external/P503/P503_internal.h b/src/kem/sike/external/P503/P503_internal.h
index 3a9bb32..3c72a4b 100644
--- a/src/kem/sike/external/P503/P503_internal.h
+++ b/src/kem/sike/external/P503/P503_internal.h
@@ -9,7 +9,7 @@
#include "../config.h"
-#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64LE)
+#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64) || (TARGET == TARGET_PPC64LE)
#define NWORDS_FIELD 8 // Number of words of a 503-bit field element
#define p503_ZERO_WORDS 3 // Number of "0" digits in the least significant part of p503 + 1
#elif (TARGET == TARGET_x86) || (TARGET == TARGET_ARM)
diff --git a/src/kem/sike/external/P610/P610_internal.h b/src/kem/sike/external/P610/P610_internal.h
index 8a6a08f..7d6f60d 100644
--- a/src/kem/sike/external/P610/P610_internal.h
+++ b/src/kem/sike/external/P610/P610_internal.h
@@ -9,7 +9,7 @@
#include "../config.h"
-#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64LE)
+#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64) || (TARGET == TARGET_PPC64LE)
#define NWORDS_FIELD 10 // Number of words of a 610-bit field element
#define p610_ZERO_WORDS 4 // Number of "0" digits in the least significant part of p610 + 1
#elif (TARGET == TARGET_x86) || (TARGET == TARGET_ARM)
diff --git a/src/kem/sike/external/P751/P751_internal.h b/src/kem/sike/external/P751/P751_internal.h
index 1f9f231..0b17da1 100644
--- a/src/kem/sike/external/P751/P751_internal.h
+++ b/src/kem/sike/external/P751/P751_internal.h
@@ -9,7 +9,7 @@
#include "../config.h"
-#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64LE)
+#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64) || (TARGET == TARGET_PPC64LE)
#define NWORDS_FIELD 12 // Number of words of a 751-bit field element
#define p751_ZERO_WORDS 5 // Number of "0" digits in the least significant part of p751 + 1
#elif (TARGET == TARGET_x86) || (TARGET == TARGET_ARM)
diff --git a/src/kem/sike/external/config.h b/src/kem/sike/external/config.h
index 1a915d3..46cd312 100644
--- a/src/kem/sike/external/config.h
+++ b/src/kem/sike/external/config.h
@@ -32,6 +32,7 @@
#define TARGET_ARM 4
#define TARGET_ARM64 5
#define TARGET_PPC64LE 6
+#define TARGET_PPC64 7
#if defined(_AMD64_)
#define TARGET TARGET_AMD64
@@ -63,6 +64,12 @@ typedef uint16_t hdigit_t; // Unsigned 16-bit digit
#define LOG2RADIX 6
typedef uint64_t digit_t; // Unsigned 64-bit digit
typedef uint32_t hdigit_t; // Unsigned 32-bit digit
+#elif defined(_PPC64_)
+#define TARGET TARGET_PPC64
+#define RADIX 64
+#define LOG2RADIX 6
+typedef uint64_t digit_t; // Unsigned 64-bit digit
+typedef uint32_t hdigit_t; // Unsigned 32-bit digit
#elif defined(_PPC64LE_)
#define TARGET TARGET_PPC64LE
#define RADIX 64
--
2.36.1

83
0002-Mark-stack-non-executable-when-compiling-with-clang-.patch Normal file
View File

@ -0,0 +1,83 @@
From 9f72562d661a0fd1b5773966fb199a8faea144c1 Mon Sep 17 00:00:00 2001
From: Douglas Stebila <dstebila@users.noreply.github.com>
Date: Sun, 9 Jan 2022 11:30:10 -0500
Subject: [PATCH 2/2] Mark stack non-executable when compiling with clang or
gcc (#1161)
* Mark stack non-executable when compiling with clang or gcc
Fixes #1159
* Change noexecstack option on gcc
* Use gcc noexecstack only on non-Darwin
* Check for non-executable stack in shared object builds on Linux
---
.CMake/compiler_opts.cmake | 4 ++++
tests/{test_namespace.py => test_binary.py} | 16 ++++++++++++++++
2 files changed, 20 insertions(+)
rename tests/{test_namespace.py => test_binary.py} (74%)
diff --git a/.CMake/compiler_opts.cmake b/.CMake/compiler_opts.cmake
index 9dd5b32..72c741a 100644
--- a/.CMake/compiler_opts.cmake
+++ b/.CMake/compiler_opts.cmake
@@ -67,6 +67,7 @@ if(CMAKE_C_COMPILER_ID MATCHES "Clang")
add_compile_options(-Wextra)
add_compile_options(-Wpedantic)
add_compile_options(-Wno-unused-command-line-argument)
+ set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack")
if(NOT ${OQS_BUILD_ONLY_LIB})
set(THREADS_PREFER_PTHREAD_FLAG ON)
@@ -117,6 +118,9 @@ elseif(CMAKE_C_COMPILER_ID STREQUAL "GNU")
add_compile_options(-Wformat=2)
add_compile_options(-Wfloat-equal)
add_compile_options(-Wwrite-strings)
+ if (NOT CMAKE_SYSTEM_NAME STREQUAL "Darwin")
+ set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack")
+ endif()
if(NOT ${OQS_BUILD_ONLY_LIB})
set(THREADS_PREFER_PTHREAD_FLAG ON)
diff --git a/tests/test_namespace.py b/tests/test_binary.py
similarity index 74%
rename from tests/test_namespace.py
rename to tests/test_binary.py
index 9a3fb9e..d212f41 100644
--- a/tests/test_namespace.py
+++ b/tests/test_binary.py
@@ -1,6 +1,7 @@
# SPDX-License-Identifier: MIT
import helpers
+import os
import pytest
import sys
import glob
@@ -51,6 +52,21 @@ def test_namespace():
assert(len(non_namespaced) == 0)
+@helpers.filtered_test
+@pytest.mark.skipif(not(sys.platform.startswith("linux")), reason="Only supported on Linux")
+@pytest.mark.skipif(not(os.path.exists(helpers.get_current_build_dir_name()+'/lib/liboqs.so')), reason="Only supported on builds with a shared library")
+def test_non_executable_stack():
+ liboqs = helpers.get_current_build_dir_name()+'/lib/liboqs.so'
+ out = helpers.run_subprocess(
+ ['readelf', '--wide', '--segments', liboqs]
+ )
+ lines = out.strip().split("\n")
+ for line in lines:
+ if "GNU_STACK" in line:
+ chunks = line.strip().split()
+ flags = chunks[6]
+ assert(flags == 'RW')
+
if __name__ == "__main__":
import sys
pytest.main(sys.argv)
--
2.36.1

8
liboqs.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Sat Jul 2 07:21:42 UTC 2022 - Christophe Giboudeaux <christophe@krop.fr>
- Add upstream changes:
* 0001-Add-support-for-powerpc64.-1160.patch
* 0002-Mark-stack-non-executable-when-compiling-with-clang-.patch
- Spec cleanup
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 25 07:48:57 UTC 2022 - Bernhard Wiedemann <bwiedemann@suse.com> Tue Jan 25 07:48:57 UTC 2022 - Bernhard Wiedemann <bwiedemann@suse.com>

70
liboqs.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package libkcapi # spec file for package liboqs
# #
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2022 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9) # license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative. # published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
@ -22,13 +22,16 @@ Release: 0
Summary: C library for quantum-resistant cryptographic algorithms Summary: C library for quantum-resistant cryptographic algorithms
License: MIT License: MIT
Group: Productivity/Security Group: Productivity/Security
Url: https://github.com/open-quantum-safe/liboqs/ URL: https://github.com/open-quantum-safe/liboqs/
Source: https://github.com/open-quantum-safe/liboqs/archive/refs/tags/%{version}.tar.gz Source: https://github.com/open-quantum-safe/liboqs/archive/refs/tags/%{version}.tar.gz
Source1: baselibs.conf Source1: baselibs.conf
Patch0: liboqs-fix-build.patch Patch0: liboqs-fix-build.patch
BuildRequires: cmake # PATCH-FIX-UPSTREAM
BuildRequires: libopenssl-devel Patch1: 0001-Add-support-for-powerpc64.-1160.patch
BuildRequires: doxygen Patch2: 0002-Mark-stack-non-executable-when-compiling-with-clang-.patch
BuildRequires: cmake
BuildRequires: doxygen
BuildRequires: libopenssl-devel
%description %description
liboqs is an open source C library for quantum-resistant cryptographic liboqs is an open source C library for quantum-resistant cryptographic
@ -40,17 +43,17 @@ Summary: C library for quantum-resistant cryptographic algorithms
Group: System/Libraries Group: System/Libraries
%description -n liboqs0 %description -n liboqs0
liboqs is a C library for quantum-resistant cryptographic liboqs is a C library for quantum-resistant cryptographic
algorithms. Details about liboqs can be found in README.md. See in algorithms. Details about liboqs can be found in README.md. See in
particular limitations on intended use. particular limitations on intended use.
%package devel %package devel
Summary: Open source C library for quantum-resistant cryptographic algorithms Summary: Open source C library for quantum-resistant cryptographic algorithms
Group: Development/Languages/C and C++ Group: Development/Languages/C and C++
Requires: liboqs0 = %version Requires: liboqs0 = %{version}
%description devel %description devel
liboqs is an open source C library for quantum-resistant cryptographic liboqs is an open source C library for quantum-resistant cryptographic
algorithms. Details about liboqs can be found in README.md. See in algorithms. Details about liboqs can be found in README.md. See in
particular limitations on intended use. particular limitations on intended use.
@ -58,36 +61,43 @@ particular limitations on intended use.
%autosetup -p1 %autosetup -p1
%build %build
mkdir build export RPM_OPT_FLAGS="%{optflags} -std=gnu11"
export RPM_OPT_FLAGS="%optflags -std=gnu11"
cd build # 20220702: The %%cmake macro can't be used because a 'CMakeLists.txt' folder
cmake -DBUILD_SHARED_LIBS=ON -DOQS_DIST_BUILD=ON .. # exists
%cmake_build cmake -S . -B build -DBUILD_SHARED_LIBS:BOOL=ON -DOQS_DIST_BUILD:BOOL=ON
pushd build
%cmake_build
popd
%install %install
%cmake_install %cmake_install
# need to find out what cmake option is needed # need to find out what cmake option is needed
mv %buildroot/usr/local/* %buildroot/usr mv %{buildroot}%{_prefix}/local/* %{buildroot}%{_prefix}
if [ "%_lib" != "lib" ]; then
mv %buildroot/usr/lib %buildroot/usr/%_lib if [ "%{_lib}" != "lib" ]; then
mv %{buildroot}%{_prefix}/lib %{buildroot}%{_libdir}
fi fi
rmdir %buildroot/usr/local/
rmdir %{buildroot}%{_prefix}/local/
%post -n liboqs0 -p /sbin/ldconfig %post -n liboqs0 -p /sbin/ldconfig
%postun -n liboqs0 -p /sbin/ldconfig %postun -n liboqs0 -p /sbin/ldconfig
%files -n liboqs0 %files -n liboqs0
%license LICENSE.txt %license LICENSE.txt
/%{_libdir}/liboqs.so.0* %{_libdir}/liboqs.so.0*
%files devel %files devel
%license LICENSE.txt %license LICENSE.txt
%dir %{_includedir}/oqs %dir %{_includedir}/oqs
%{_includedir}/oqs/* %{_includedir}/oqs/*
/%_libdir/liboqs.so %{_libdir}/liboqs.so
%dir /%_libdir/cmake/ %dir %{_libdir}/cmake/
%dir /%_libdir/cmake/liboqs/ %dir %{_libdir}/cmake/liboqs/
/%_libdir/cmake/liboqs/liboqsConfig-noconfig.cmake %{_libdir}/cmake/liboqs/liboqsConfig-noconfig.cmake
/%_libdir/cmake/liboqs/liboqsConfig.cmake %{_libdir}/cmake/liboqs/liboqsConfig.cmake
%changelog %changelog